ThreatX - Blog

*We are thrilled to introduce and feature David Geer on the ThreatX Blog. David is a content marketing writer and market influencer specializing in cybersecurity.*

You’ve heard that nation-state hackers stole 145 million consumer records in the 2017 Equifax breach. Did you know that this attack and breaches at Amazon, Facebook, T-Mobile, and the Black Hat security conference all targeted vulnerable APIs?

Thanks to APIs, your consumers, employees, and partners benefit from robust applications with rich features. But, cyberthugs profit too, because they can leverage APIs and their flaws to get to your data.

Thousands of new APIs become available each year on ProgrammableWeb.com alone. The global cloud API market will generate more than $1.7 billion in revenues by 2026, according to Persistence Market Research. With organizations like yours creating and using more APIs each year, the attack surface grows ever broader. Any solution must surround and secure your APIs, apps, and data despite the burgeoning landscape.

Friday’s news of Marriott’s massive breach sent shock waves throughout the cybersecurity industry and consumer sectors alike. Brian Krebs described the “colossal intrusion” and numerous other security experts joined in to analyze what missteps the chain may have taken, how the breach could have been prevented, and what we as an industry can learn from the catastrophe.

Slow. Antiquated. Android.

Remember the old Android device you used to use? Many of us have old versions of these devices sitting around that worked well 5 or 6 years ago, but are, unfortunately, too slow or outdated to use today. The hardware is lethargic and the Android OS hasn’t been patched for years. This is never more evident than when you try using a web browser on one of these devices and watch it struggle while rendering an element-rich site. The fact is, older devices simply don’t have sufficient CPU power to quickly display a complex page, even those designed to be responsive or mobile friendly.

In the first two parts of this series we discussed methods to identify and block a few different types of botnet traffic, namely commodity comment/form spam and slightly more targeted attacks like distributed password guessing. This final part covers a slightly different way of analyzing malicious web traffic: grouping attackers based on their behavioral characteristics.

The previous post in this series discussed comment spam, one of the most pervasive forms of 'botnet' web traffic and accordingly, one of the least targeted varieties of attack. Part II will discuss a more serious form of botnet traffic: Targeted attacks that are coordinated centrally and distributed across multiple actors in an attempt to avoid security controls.

The following is the first post in a three-part series surrounding bot detection and neutralization based on botnet analysis. The series will begin by addressing commodity form/comment spam. 

One of the unfortunate realities of running a site on the Internet is the amount of "background noise" -- the automated, unsophisticated, poorly targeted attacks, which make up the bulk of malicious web traffic. For the sake of this series, we're calling this 'botnet' traffic. 

In today’s complex cybersecurity landscape, it is very apparent that threats can and will originate from virtually anywhere and hardly ever follow predictable patterns. We consistently share this knowledge with our customers and use these insights to drive our product updates and roadmap.

This fact alone makes the task of properly securing your applications even more challenging. To effectively secure your applications, it is critical to implement security controls using the zero-trust model. That means you should not rely solely on external reputation sources, threat feeds, or patches. In fact, we have found that many of the threats we identify using behavioral analysis methods go undetected when using the more traditional methods. More accurate and reliable detection is critical to effective application security, especially when attacks come from the most unsuspecting of sources.

Continued from part I. Credit card fraud is an increasingly prevalent issue for card holders, card issuers, and merchants alike. Traditional approaches to WAF technology may lack the intelligence to detect and neutralize credit card fraudsters, but there are new ways, such as ThreatX's contextual behavioral analysis, that are effective in neutralizing these attacks.